A vulnerability list for my project's PHP version. The client would rather not upgrade the PHP version to the latest version. Also, it's quite probable that some code will break after the switch from 5.1.6 to 5.3.0. There are, however, two problems I face:

Some vulnerabilities can't be solved with code; they can be solved only by recompiling PHP with the fixes. I'm forced to rewrite the code to avoid them.

I can't seem to find a PoC (proof of concept) for most of the vulnerabilities; how can I know I've fixed them, or where the problem is, precisely?

2 Answers

Upgrading and re-writing some of the code will be the most secure way to address vulnerabilities. Depending on how your application is being accessed, you could look at a few different perspectives.

If this is accessed externally on the Internet, I would assume that the users would be within a specific geographic scope, e.g. a site in Florida for a local company with local products. You could block all international traffic since it would not be needed.

If it's an internal intranet application then just monitor the network for anyone doing anything fishy.

If it's on the Internet with international exposure as a requirement, keep everything updated and patched, because you are going to get scanned.